The system and method of the present embodiment relate generally to spoofing detection of unencrypted civilian Global Navigation Satellite System (GNSS) signals.
The vulnerability of unencrypted civilian GNSS signals to spoofing has been known. Spoofing is the intentional broadcast of signals that appear to user equipment (UE) to be true signals, but are actually false signals. Spoofing of GNSS signals can, for example, cause a user receiver to determine that it occupies a different location than its true location, or to determine erroneous corrections to its receiver clock time. Encrypted signals, such as the U.S. Military's Global Positioning System (GPS) P(Y) and M codes, cannot be spoofed because these signals' pseudo-random number (PRN) spreading codes are encrypted; they are not known a priori. A military receiver has access to these PRN codes and uses them to separate the true signal from all other signals in the GPS spectrum. A spoofer cannot know these codes in advance. Therefore, a spoofer cannot broadcast a signal that a military receiver's PRN-code-based signal processing algorithms will mistake for the true signal.
Unencrypted civilian signals, on the other hand, are well known to anyone who has the relevant publicly available document, for example, for GPS signals, Nastar Global Positioning System Interface Specification (IS-GPS-200 Revision D, IRN-200D-001, ARINC Engineering Services, El Segundo, Calif., March 2006) (IS). Similar documents are being produced for the open-source civilian signals of the European Union's Galileo system, which is under development. The information contained in the IS can be used to produce a false unencrypted signal that is capable of spoofing a GNSS receiver. It is also possible to spoof a civilian GNSS receiver in a way that leaves no telltale signs.
What is needed is a system and method to detect spoofing attacks on unencrypted GNSS signals by considering short segments of accompanying encrypted signals. The GPS and the Galileo system both broadcast encrypted and unencrypted signals. For example, the GPS L1 signal, at 1575.42 MHz, includes the unencrypted Coarse Acquisition C/A code and the encrypted Precise P(Y) code, with the two signals modulated in phase quadrature. This known phase relationship is exploited by dual-frequency civilian GPS receivers that do semi-codeless P(Y) processing of signals at the L1 and L2 frequencies. Similarly, the Galileo E1 signal, also at a carrier frequency of 1575.42 MHz, includes the unencrypted E1B and E1C signals along with the encrypted E1A signal. The encrypted signal is generated in quadrature to the other two signals.
What is further needed is a UE that can intermittently process short segments of the encrypted signals and compare them to their known PRN codes, even if the encrypted signals are not known to the UE at the time that the given signal segments arrive. What is still further needed is pre-processing of each signal segment by the user receiver in a way that enables it to efficiently perform an after-the-fact comparison with the encrypted signal's properties. This pre-processing can be enabled by the known phase relationship of the encrypted signal to the unencrypted signal because the unencrypted signal can be tracked by the receiver. Further efficiencies in the pre-processing can be had if additional information is known about the encrypted signals, such as the W-bit timing of the GPS P(Y) code or the binary-offset-carrier (BOC) phase of the GPS M code or the Galileo E1A code.